domain



Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckIpInTailnet

func CheckIpInTailnet(ip netip.Addr, tailnet *Tailnet) database.Q[bool]

CheckIpInTailnet returns true if the provided IP address is assigned to a machine in the given tailnet.

func CheckMembership

func CheckMembership(u *User, tailnet int64) database.Q[bool]

CheckMembership returns true if the user is a member of the given tailnet.

func CreateRegistrationRequest

CreateRegistrationRequest creates a new registration request for a node, identified by its noise key, from the request data passed into /machine/register.

func DeleteNode

DeleteNode deletes the given machine record from the database.

func ExpireNode

ExpireNode updates the node's ExpiresAt timestamp to the given expiry time.

func FindOrCreateUser

func FindOrCreateUser(claims UserClaims) database.Q[User]

FindOrCreateUser returns the existing user matching the provided claims, or creates a new one.

UserClaims.Subject is used to uniquely identify a user in the system. Note that an OIDC `sub` value is only guaranteed unique within its issuer; if more than one issuer is ever accepted, UserClaims.Issuer should participate in the lookup as well so that subjects from different providers cannot collide.

func GetMachineByKey

func GetMachineByKey(k key.MachinePublic) database.Q[Machine]

GetMachineByKey returns the machine identified by its noise key.

func GetNextNameIndex

func GetNextNameIndex(tailnet *Tailnet, name string) database.Q[int]

GetNextNameIndex returns the next index number, used as an arbiter to distinguish between machines with the same hostname within a tailnet.

func ListMachines

func ListMachines(t *Tailnet) database.Q[Machine]

ListMachines returns all machines that are part of the given tailnet.

func ListMembers

func ListMembers(tailnet int64) database.Q[User]

func ListTailnets

func ListTailnets(u *User) database.Q[Tailnet]

ListTailnets returns all tailnets where the given user is a member.

func RegistrationRequestById

func RegistrationRequestById(id string) database.Q[RegistrationRequest]

RegistrationRequestById returns the RegistrationRequest identified by the given id.

func SanitizeTailnetName

func SanitizeTailnetName(name string) string

func SaveMachine

func SaveMachine(m *Machine) database.I[Machine, *Machine]

SaveMachine upserts the machine into the database. If an existing machine with the same (noise_key, node_key) pair is found, the record is updated.

Only a select few fields are updatable. Most notably, the noise_key and the tailnet membership cannot be changed after creation.

func SaveRegistrationRequest

SaveRegistrationRequest saves the updated registration request.

func TailnetById

func TailnetById(id int64) database.Q[Tailnet]

TailnetById returns the Tailnet identified by the given id.

func UserBySubject

func UserBySubject(subject string) database.Q[User]

UserBySubject returns a user account for the given subject.

Types

type ACL

// ACL wraps tacl.ACL so that a HuJSON policy stored in the database can be decoded
// through encoding.TextUnmarshaler (see UnmarshalText).
type ACL struct{ *tacl.ACL }

ACL wraps tacl.ACL to implement encoding.TextUnmarshaler; UnmarshalText uses tacl.Parse to parse a HuJSON-formatted policy into the ACL struct.

func (*ACL) UnmarshalText

func (a *ACL) UnmarshalText(buf []byte) error

type Machine

// Machine is the persisted record of a single node in a Tailnet.
type Machine struct {
	ID        int               `db:"id"`             // auto-generated unique machine identifier
	Name      string            `db:"name"`           // machine's hostname; presumably taken from the node-reported Hostinfo, so treat it as untrusted input — TODO confirm
	NameIdx   int               `db:"name_idx"`       // arbiter used as suffix to guarantee a unique hostname within a given tailnet (see GetNextNameIndex and CompleteName)
	NoiseKey  key.MachinePublic `db:"noise_key"`      // machine's public key used when establishing the secure Noise channel over /ts2021; immutable after creation (see SaveMachine)
	NodeKey   key.NodePublic    `db:"node_key"`       // key used for the wireguard tunnel and for communication over DERP
	DiscoKey  key.DiscoPublic   `db:"disco_key"`      // key used for peer-to-peer path discovery
	Ephemeral bool              `db:"ephemeral"`      // is the device ephemeral?
	HostInfo  *tailcfg.Hostinfo `db:"host_info,json"` // serialized tailcfg.Hostinfo from either the first registration request or subsequent map requests; node-supplied — NOTE(review): do not base authorization decisions on it
	Endpoints []netip.AddrPort  `db:"endpoints,json"` // machine's magicsock UDP ip:port endpoints as reported by the node (can be public and / or private addresses)
	IPv4      netip.Addr        `db:"ipv4"`           // IPv4 address assigned to this node when it was created

	CreatedAt time.Time  `db:"created_at"`
	ExpiresAt time.Time  `db:"expires_at"` // set by ExpireNode; IsExpired reports whether it has passed
	LastSeen  *time.Time `db:"last_seen"`  // nullable; presumably nil until the node has checked in — TODO confirm

	TailnetID int      `db:"tailnet_id"`   // immutable after creation (see SaveMachine)
	Tailnet   *Tailnet `db:"tailnet,json"` // the Tailnet this node is part of

	UserID int   `db:"user_id"`   // id of the owning user
	Owner  *User `db:"user,json"` // user this node belongs to; renamed to prevent conflict with User()

	// Role of the user for whom this object was fetched.
	//
	// This field isn't a stored column and is only added by the ListMachines
	// query when JOINed with the tailnet_members table for a given user. On
	// records obtained any other way it is the zero value, so an empty Role
	// means "not populated", not "no role" — NOTE(review): do not treat it as
	// an authorization result outside that query.
	Role string `db:"role"`
}

Machine represents an individual node in the Tailnet. A machine belongs to a User, and its lifecycle is tied to the Tailnet's and the User's lifecycle.

A node is assigned an IP when it is created. A node is created using the information present in the tailcfg.RegisterRequest passed to the /machine/register endpoint, and is updated by the node using the tailcfg.MapRequest passed into the /machine/map endpoint. Both payloads are supplied by the node itself and should be treated as untrusted input.

For node creation, refer to oidc.AuthComplete handler.

func (*Machine) AllowedIPs

func (m *Machine) AllowedIPs() []netip.Prefix

func (*Machine) AsNode

func (m *Machine) AsNode() *tailcfg.Node

func (*Machine) CompleteName

func (m *Machine) CompleteName() string

CompleteName returns the machine's name with optional name_idx suffix applied.

func (*Machine) HostName

func (m *Machine) HostName() string

func (*Machine) IP

func (m *Machine) IP() (v4, v6 netip.Addr)

func (*Machine) IsExpired

func (m *Machine) IsExpired() bool

IsExpired returns true if the machine has expired.

func (*Machine) Tags

func (m *Machine) Tags() []string

func (*Machine) User

func (m *Machine) User() tacl.User

type RegistrationRequest

// RegistrationRequest is the persisted state of one node's attempt to join a tailnet,
// created by /machine/register and completed by the /oidc endpoints.
type RegistrationRequest struct {
	ID            string                  `db:"id"`            // random text id used to identify requests; exposed in the callback endpoint, so it acts as the bearer capability linking the OIDC callback to this request — NOTE(review): confirm it is generated with crypto/rand and is long enough to be unguessable
	NoiseKey      key.MachinePublic       `db:"noise_key"`     // machine's public key used when establishing the secure Noise channel over /ts2021
	Data          tailcfg.RegisterRequest `db:"data,json"`     // tailcfg.RegisterRequest object passed to /machine/register; node-supplied and therefore untrusted
	Authenticated bool                    `db:"authenticated"` // is the request authenticated? becomes true after the oidc flow completes successfully
	Error         string                  `db:"error"`         // any error that occurs during the authentication flow — NOTE(review): if this is relayed to the node, keep it free of internal detail

	UserID sql.Null[int] `db:"user_id"`   // presumably NULL until a user has authenticated the request — TODO confirm
	User   *User         `db:"user,json"` // the user who authenticated the request

	CreatedAt time.Time `db:"created_at"` // NOTE(review): no expiry is visible on this record; confirm stale requests are rejected or purged
}

RegistrationRequest represents a node's request to join a tailnet network.

A new request is created when a node first makes the /machine/register request. The request is subsequently accessed and modified by the /oidc endpoints.

For more details on authentication and error propagation, see oidc.AuthComplete and coordinator.MachineRegister

type Tailnet

// Tailnet is the persisted record of one tailnet network managed by Wirefire.
type Tailnet struct {
	ID   int    `db:"id"`   // auto-generated unique id of the tailnet
	Name string `db:"name"` // unique name of the tailnet (see SanitizeTailnetName)
	Acl  *ACL   `db:"acl"`  // this tailnet's access control policy, decoded from HuJSON by ACL.UnmarshalText — NOTE(review): presumably nil when the column is NULL; confirm callers fail closed on a nil policy

	CreatedAt time.Time `db:"created_at"`
	UpdatedAt time.Time `db:"updated_at"`

	// Role of the user for whom this object was fetched.
	//
	// This field isn't stored in the tailnet's table and is only added by the ListTailnets
	// query when JOINed with the tailnet_members table for a given user. On records
	// obtained any other way it is the zero value, so an empty Role means "not populated",
	// not "no role" — NOTE(review): do not treat it as an authorization result outside
	// that query.
	Role string `db:"role"`
}

Tailnet represents an individual tailnet network managed by Wirefire.

type User

// User is the persisted account for one OIDC subject.
type User struct {
	ID      int        `db:"id"`          // auto-generated, unique id of the user
	Subject string     `db:"sub"`         // subject claim extracted from the oidc token; the lookup key used by UserBySubject and FindOrCreateUser
	Name    string     `db:"name"`        // name claim extracted from the oidc token
	Claims  UserClaims `db:"claims,json"` // standard user claims present in the oidc token

	CreatedAt time.Time `db:"created_at"`
}

User represents an individual user on the system.

A user can be part of 0 or more tailnets and own machines that participate in the tailnet network.

func (User) AsUserProfile

func (u User) AsUserProfile() tailcfg.UserProfile

func (User) LoginName

func (u User) LoginName() string

func (User) Roles

func (u User) Roles() []string

type UserClaims

// UserClaims is the subset of standard OIDC claims retained from the provider's token.
type UserClaims struct {
	Issuer  string `json:"iss"`               // issuer of the token — NOTE(review): an OIDC sub is only unique within its issuer, yet users are looked up by Subject alone (FindOrCreateUser); revisit if more than one issuer is ever accepted
	Subject string `json:"sub"`               // stable, issuer-scoped identifier of the end user
	Name    string `json:"name"`              // display name
	Email   string `json:"email,omitempty"`   // optional
	Picture string `json:"picture,omitempty"` // optional avatar URL
}

UserClaims is the set of standard OIDC claims returned by the provider in the OIDC token during the login step.
